Digital signal enciphering and deciphering apparatus and system

ABSTRACT

A digital signal of n-bit words N i  is enciphered into an enciphered signal of n-bit words R i . In an enciphering unit, a logic circuit delivers each enciphered word R i  through a logic operation g performed on the word N i  and on an n-bit, stored, enciphering word P i-l . An addressing circuit formulates an address word A i-l  having a bits fully or partly belonging at least to the preceding enciphered word R i-l . A memory of 2 a  predetermined P i-l  words is read by each address word A i-l  to supply a corresponding word P i-l  to the logic circuit for it to perform the g operation such that R i  =g(N i , P i-l ). A deciphering unit receives the enciphered words R i  for formulating the address words A i  controlling reading of the corresponding words P i  out of 2 a  stored words. Each deciphered word N i  is obtained by a logic operation h, referred to as contrary to g, performed on the enciphered word R i  and on the stored word P i-l , such that N=h(R i , P i-l ). The memories can be programmed by a computer, which, as per a predetermined algorithm, computes a table of words P i  for a given key.

CROSS REFERENCES TO RELATED APPLICATIONS

Applicants hereby make cross references to their Patent ApplicationPCT/FR 80/00 149, filed Oct. 10, 1980 and claim priority thereunderfollowing the provisions of 35 U.S.C. 119.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a system for enciphering anddeciphering a digital signal conveying n-bit words N_(i), wherein idenotes the rank of the word N_(i) in the signal, into a digitalenciphered signal having n-bit words R_(i), said system comprising, inan enciphering unit at the transmitting end, logic means for performinga logic function g applied to each word N_(i) and to a predeterminedn-bit word P_(i-1) to produce the corresponding enciphered word R_(i)=g(N_(i), P_(i-1)) and means further comprising a register receiving theenciphered word R_(i) to produce the words P_(i-1) according to apredetermined algorithm based on the enciphered words R_(i), and, in adeciphering unit at the receiving end, logic means for performing alogic function h, called contrary to or the complement of the goperation, applied to each enciphered word R_(i) and to thepredetermined word P_(i-1) to produce the corresponding deciphered wordN_(i) =h(R_(i), P_(i-1)) and means analogous to these of the encipheringunit for producing words P_(i-1).

2. Description of the Prior Art

The enciphering and deciphering terms are used in the presentspecification for the particular application to a signal conveyingalphanumeric signals; however the invention is, generally speaking,related to any encrypting and decrypting, encoding and decoding orscrambling and unscrambling of a digital signal. Reference is made,hereinafter, as an examplary application, to the digital signal which isemitted from a teletext system and conveys, via a broadcasting networktransmission medium, such as televized pictures network, pages ofwriting that will be visualized by conventional television receivers.

In a teletext system, the written pages are made up of alphanumericcharacters which carry the information and characters required for thesyntax and are generally transmitted in the form of 8-bit bytes. At thetransmitting end, the digital signal conveying the characters is appliedto multiplexing means which suitably insert it into the conventionalvideo signal, for example into the frame synchronizing and blankingsignals. After having been carried via the television link, thecomposition signal is received in the user's terminal and isdemultiplexed to separate the digital signal from the video signal. Byusing a syntactical monitor, the written pages conveyed by the digitalsignal are reproduced for visualization by the television set.

The access controlling device embodied in a teletext system is of aconventional nature. The calling subscriber has an access meansconsisting of a data medium in which all the data characterizing theuser and his accessible area are stored. The controlling device acquiresthis data and compares it, on the one hand, with the identified datawhich may perhaps be inside the terminal and, on the other hand, withthe data characterizing the user's call. If the comparison is positive,the system "gives access" to the information.

In a broadcast teletext system, the information is received virtuallyeverywhere and is thus accessible via straightforward technologicalmeans available to the general public. Transmission at frequenciesspecifically earmarked for this use would only constitute an illusoryprotection. The same goes for any device which would keep theinformation in a directly usable form. Moreover, the advent and thefast-growing spread of "house-hold or personal" computer set-ups isplacing considerable computation powers at the hands of an increasingnumber of people. In view of all this, it would seem essential toencipher not only the teletext system order codes, but the whole datamessage. This solves, incidentally, the problem of the secrecy which maywell be necessary for certain institutional uses of the teletextservices. Generally speaking, in an enciphered transmission system, wefind:

a source of N messages belonging to the overall range of possiblemessages;

an enciphering unit performing a function f which, for a given messageN, generates a corresponding cryptogram (resulting enciphered message) Rbelonging to the overall range of possible cryptograms, in accordancewith the relationship:

    R=f(N,C)=f.sub.C (N)

where C is a code word known as a used enciphering key;

the transmission medium via which the enciphered messages R pass;

a deciphering unit performing the inverse function f_(C) ⁻¹ of thefunction f_(C) which gives rise to the initial message N, correspondingto the cryptogram R, obtained through the key C as per the relationship:

    N=f.sub.C.sup.-1 (R); and

"safe" means for distributing the key C.

By looking at this organization, we can see that two fundamentalproblems have to be solved, namely the choice of a function f and thechoice of key C together with its distribution. The present inventiondeals only with solving the first of these problems.

In the most frequently used enciphering and deciphering systems, theenciphering unit comprises a logic unit having two input buses. One ofthe input buses receives the n-bit N_(i) words of the digital signal tobe enciphered and the other input bus receives n-bit P_(i) predeterminedwords. The logic operation carried out by the logic unit is usually aModulo-2 addition; in other words, this unit contains a set of parallelexclusive OR gates, each receiving a pair of like-rank bits of twoassociated words N_(i) and P_(i). The advantages of applying thisexclusive OR logic operation lies in the fact that it can be employed inthe enciphering unit by applying the corresponding enciphered word R_(i)and the predetermined word P_(i) to the inputs of a logic unit containedin the deciphering unit which is analogous to one of the encipheringunit in order to restore the deciphering word N_(i).

The means for producing the predetermined words P_(i) are identical inthe enciphering and deciphering units. As a rule, they comprise a randomor quasi-random binary generator which are directly representative ofthe predetermined words P_(i) (U.S. Pat. No. 4,133,974) or in which thebits are selected and undergo logic operations, for example by means ofaddressing a random access memory or a read only memory, writing ofwhich is controlled by certain bits of the random binary words (FrenchPatent Application Nos. 2,210,307 and 2,265,221 respectively equivalentto United Kingdom Pat. No. 1,393,920 and U.S. Pat. No. 3,984,668).

The major drawback of an enciphering and deciphering system such as thisis that the pseudo-random generators in the enciphering and decipheringunits must be synchronized. Indeed, the same predetermined word P_(i)must be applied in synchronism with the initial word N_(i) to beenciphered and the corresponding enciphered word R_(i) at the inputs ofthe enciphering and deciphering logic units. In other words, theenciphering operation must be started at the same time as thedeciphering operation. In order to ensure that both pseudo-randomgenerators begin operation at the same point in their operational cycle,it has heretofore been known to generate a sequence of digital bitsknown as "prime data". This prime data is utilized to control thestarting point of operation of the pseudo-random generator at theenciphering unit. The prime data is then transmitted over thetransmission medium to the deciphering unit whereupon detection, of itis utilized to control the starting point of the operation of thepseudo-random generator at the deciphering unit.

When the deciphering is linked to the message syntax, the prime dataword can be inserted between the lines of the text message (FrenchPatent Application No. 2,210,307). Should the encrypting not be linkedto the message syntax, then the prime data word is transmitted firstbefore the enciphered message. Whatever the case may be, the twopseudo-random generators are started at the same point of operation byprior identification of one and the same message key.

As a correlation to this synchronization drawback, the majority ofenciphering units literally transmit this prime data word over thetransmission medium, such that an unauthorized person would be able todetect the prime data by tapping into the transmission medium, inasmuchas the prime data is required to be transmitted over the transmissionmedium prior to the deciphering operation.

U.S. Pat. No. 4,133,974 provides a way of partly overcoming thisdrawback by enciphering the prime data word itself. According to thisPatent, the first synchronization word called "prime data" istransmitted in full over the transmission medium, and the othersynchronization words following behind are enciphered.

It will be noticed that other enciphering and deciphering systems based,not on a logic operation performed on the words to be enciphered and thepseudo-random words, but rather on a permutation and/or replacement ofthe enciphered words, also entail the transmission of a synchronizationword from the enciphering unit to the deciphering unit. For instance,German Patent Application No. P 26 39 806.1-31, equivalent to UnitedKingdom Pat. No. 1,542,350 discloses that each word to be enciphered isfirst of all replaced by another word obtained by addressing in readinga memory which contains a predetermined table. The word read in thismemory then undergoes a straightforward permutation. Consequently, theresulting enciphered word replaces the initial signal word. Once again,the encrypting and decrypting must be synchronized by a synchronizationword transmitted before the enciphered message, so that the readaddressing by each initial word matches the read addressing by theenciphered word corresponding to the initial word.

All the aforementioned enciphering and deciphering methods entail thetransmission of a synchronization word, generally in constant periodsdepending on the message syntax. In other words, two identical initialmessages correspond to one and the same enciphered message, therebyconsiderably limiting the safeguarding from any unauthorized decipheringof the enciphered message.

To take precautions agains all these drawbacks, the Article by S.JEFFERY and D. K. BRANDSTAD, entitled "Data Encryption" and published inElectro Conference Record, El Segundo, U.S.A., 1977, pages 30/4-1 to30/6-6, discloses an enciphering and deciphering system similar to thetype described in the beginning of the present specification. The meansfor producing the P_(i) predetermined words are incorporated into alogic circuit loop between the output of the enciphering, respectivelydeciphering logic unit and an input into this logic unit. Under theseconditions, the P_(i) words are predetermined by the words to beenciphered, respectively enciphered words, themselves; put another way,this means that, at the start of the system operation, the P_(i) wordproducing means synchronize themselves, with no need for transmitting aparticular synchronization word. Furthermore, this self-synchronizationenables two identical messages awaiting enciphering at different timesto make two different enciphered messages correspond, due to the factthat the content of the P_(i) word generating means register is, fromwhat has gone before, different at these two times. It then follows thatdeciphering an enciphered message delivered by such a system isvirtually impossible since the unauthorized person must know not onlythe different keys used together with the algorithm employed in theP_(i) word producing means but also their initial register content.

In the aforementioned Article, the P_(i) word generating meanscomprises, between an input register connected to the logic unit outputand an output register connected to an input of the logic unit, aplurality of logic circuits which perform simple logic operations, suchas permutations and Modulo-2 additions between bytes of the word storedin the input register and the selected key word. These logic operationsare repeated a great many times by feedback into the logic circuits as awhole. It then becomes apparent that for a given incoming-messagedigital data rate, the word handling speed applied in these logiccircuits must be high, thus contributing towards an overall system costwhich is rather incompatible with the equipment available to the generalpublic.

OBJECT OF THE INVENTION

The principal object of this invention is to provide an enciphering anddeciphering system of the afore-described type in which thepredetermined word producing means make use of logic circuits operatingat the same digital data rate as the incoming passages. As will be seenat a later stage, instead of each predetermined word being calculated asper a determined algorithm for each message word, as the transmission ofthe message words progresses, the predetermined words according to theinvention are calculated beforehand prior to enciphering the messageusing an algorithm predetermined by the key and then stored in a randomaccess memory which is read at the same speed as the flow rate of thewords to be enciphered, resp. deciphered words.

SUMMARY OF THE INVENTION

Accordingly, the enciphering and deciphering system is characterized inthat each of the P_(i-1) predetermined word producing means comprisesmeans having their output connected to logic means for memorizing 2^(a)predetermined P_(i-1) words stored at respective a-bit addresses A_(i-1)and means connected to the register for read addressing said memorizingmeans by said A_(i-1) addresses whose a-bit wholly or partly belongs tothe word stored in the register.

The g and h functions, called respectively enciphering function anddeciphering functions, cause an N_(i) word of the enciphered message tocorrespond with each R_(i) word of a message to be enciphered, whereboth have n bits. This bijection is defined by a table of stored P_(i)words. This table is determined by a suitable software or algorithm in acomputer. The computer receives a corresponding code word or key for agiven message. It computes, according to the algorithm in function ofthe given key, the P_(i) words and write them at respective addresses ofa programmable memory which contains 2^(a) cells, each having n stages.In the computation step, prior to enciphering, respectively deciphering,the computer of the enciphering, respectively deciphering unit controlsthe disconnection of the addressing means and the programmable memory.

In accordance with a general embodiment, the integers n and a aredifferent. The addressing means can include a shift register in seriesreceiving a number n of bits of the R_(i) words. The content of anaddress A_(i) then depends, not only on the bits previously encipheredR_(i-1) words, but also on the bits of the words enciphered beforehandR_(i-1), R_(i-2), . . . . The addressing means can further include meanscontrolled by the computer for selecting a outputs of the register r, infunction of the given key. This further contributes to enhancing thesecrecy of the enciphering.

The fact that the A_(i) addressing depends on the preceding encipheredwords, endows the system, as will be seen at a later stage, with aself-synchronization property. In other words, no additional word isrequired to synchronize the enciphering and deciphering units, since anincorrectly enciphered word received in the deciphering unit will befollowed by only a relative small number J of erroneous encipheredwords, the J+1th enciphered word being assuredly suitable. This number Jdepends on the ratio r/n.

Moreover, to increase the transparency properties of system, the inputsof the enciphering and deciphering units can comprise aparallel-to-parallel converter converting the m-bit word digital signalto be enciphered (m≠n), respectively enciphered signal sent over thetransmission medium, into a digital signal of n-bit words which will behandled in this format in the enciphering and deciphering units, withoutaltering the digital data rate in the transmission medium. Twoparallel-to-parallel converters perform the inverse conversion and areprovided at the outputs of the enciphering and deciphering units. Theuniversality property of the system thus becomes enhanced, since theenciphering and deciphering operations are performed irrespective of theformat of the words of the initial digital signal and, of course, of thecontent and syntax of the transmitted information.

The advantage of an elementary enciphering unit and an elementarydeciphering unit embodying the invention is that they have the propertyof being iterative at will, with no appreciable deterioration of theproperties inherent in the system. In this respect, for a systemcomprising K pairs of elementary enciphering and deciphering units,whose g and h logic functions are defined as being contrary according tothe foregoing relationships, the elementary enciphering units are seriesconnected in their increasing index from the input to the output of theoverall enciphering unit and the elementary deciphering units are seriesconnected in their decreasing index order from the input to the outputof the overall deciphering unit. A structure such as this, with at leasttwo pairs of elementary enciphering and deciphering units, significantlyincreases the protection of the secrecy, making deciphering virtuallyimpossible for any third party not knowing the two tables of P wordsassigned to the two pairs.

Lastly, another advantage of the enciphering unit (respectivelydeciphering unit) embodying the invention is that its input receivingthe digital signal to be enciphered and its output delivering theenciphered digital signal are of the same nature. This makes it possibleto insert the enciphering, respectively deciphering, unit in an alreadyexisting circuit line.

BRIEF DESCRIPTION OF THE DRAWING

Other advantages of the present invention will become apparent from thefollowing description of preferred embodiments of the system asillustrated in the corresponding accompanying drawings, in which:

FIG. 1 is a schematic block diagram of an elementary enciphering unit inaccordance with the invention;

FIG. 2 is a schematic block diagram of an elementary deciphering unit inaccordance with the invention; and

FIGS. 3A and 3B are schematic block diagrams of a system having aplurality of pairs of elementary enciphering and deciphering unitsanalogous with those in FIGS. 1 and 2.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 schematically depicts an elementary enciphering unit 1 embodyingthe invention. It will be noticed, first of all, that the links betweenthe various blocks of FIG. 1 and also of FIGS. 2, 3A and 3B are made upof parallel-wire buses, unless otherwise stated. Each bus is conjointlyreferred to the types of parallel-bit words it conveys.

The input E₁ of the enciphering unit 1 receives a digital signal in theform of parallel m-bit binary words M(m). If need be, aparallel-to-parallel converter 10 may be provided for converting M(m)word signal into a digital signal conveying N(n) words, each having nparallel bits, where the integer n is not the same as the integer m. TheN(n) words are applied to n parallel first inputs 110 of a logic circuit11 which performs a logic operation g. This operation covers two wordsN_(i) (n) and P_(i-1) (n), each having n parallel bits. The P_(i-1) (n)word is selected in dependence on N(n) words which have a rank less theni-1 and which are transmitted before the N_(i) (n) word. The P_(i-1) (n)word is delivered from a programmable memory 12 to n parallel secondinputs 111 of the circuit 11, as will be seen at a later stage. Theoutput bus 112 of the circuit 11 delivers resulting R_(i) (n) words withn parallel bits, such that:

    R.sub.i =g(N.sub.i,P.sub.i-1)

The g operation is a combinative function presenting the propertiessought from the statistical point of view.

The R_(i) word is supplied, via an n-wire bus 130, to an addressingcircuit 13 and, via an n-wire bus 140, to an output circuit 14. Theoutput circuit 14 comprises a buffer register preceding the output S₁ ofthe enciphering unit. Should the converter 10 be used, the outputcircuit 14 would include a parallel-to-parallel converter which convertsthe stream of R(n) words into a stream of R(m) words. Otherwise, theoutput circuit is necessary.

The addressing circuit 13 comprises an r-stage register 131. The outputbus 132 of the addressing circuit 13 delivers a read address word A(a)of a bits (a≦r), each time an incoming R(n) word is received over thebus 130. The output bus 132 is connected to the addressing input 120 ofthe memory 12 which contains 2^(a) n-bit P(n) words. As a result, whenthe input 120 receives each addressing word A(a), the memory 12 deliversa P(n) word, via its output bus 121 to the input 111 of the logiccircuit 11.

Generally speaking, the numbers n, r and a are different. In this case,the addressing circuit 13 comprises, for instance, aparallel-to-parallel series converter 133 which converts each parallelR(n) word transmitted by the bus 130 into a series word which is stored,through the input wire 134 of the register 131, in the first stages ofthe r-stage shift register 131. The content of register 131 progresses,n bits by n bits, in terms of the incoming R(n) words. If we have r<n,only r predetermined rank bits of the R(n) word are recorded and will gotowards making up the A(a) addressing word. On the other hand, if r>n,all the R(n) word bits are stored in the shift register 131. These willbe used, together with the (r-n) bits previously stored and coming fromthe earlier R(n) words and, perhaps, from the initial register 131content, to compose the A(a) address words. In a third embodiment, ifn=r or n>r, then the converter 133 is no longer required and theregister 131 becomes a simple buffer register receiving the n bits or rbits of each of the R(n) words in parallel.

Also, in the general case, r differs from a, but is, of course, greaterthan a. A selecting circuit 135 selects a outputs of the register 131amongst r. This circuit 135 is conventionally comprised of r or lessthan r parallel AND gates and applies an A(a) word over the bus 132 eachtime a R(n) word is delivered on the output bus 112 of the logic circuit11.

However, according to the embodiment wherein r=a, the selecting circuit135 is done away with the r outputs of the register 131 are directlyconnected to the addressing inputs 120 of the memory 12.

It turns out that for an incoming N_(i) (n) word supplied in the logiccircuit 11, the addressing circuit 13 delivers an A_(i-1) (a) word whichis deducted from the content of the register 131 and which is made up ofcertain bits of the preceding resulting words R_(i-1) (n), R_(i-2) (n),. . . . A P_(i-1) (n) word is read in the cell of the memory 12 at theA_(i-1) (a) address and is combined with the N_(i) (n) word in thecircuit 11 so as to produce the resulting word R_(i) =g(N_(i), P_(i-1)).At the N(n), respectively M(m) word rythm, outcoming R(n), respectivelyR(m), words are applied to the output S₁ of the enciphering unit.

Prior to the incoming M(m) or N(n) message processing step in theenciphering unit 1, the enciphering table in memory 12, which may be aprogrammable ROM, is first of all written in. This table is made up of2^(a) n-bit P(n) words, certain of which may be equal. A computer 15chiefly comprises a software-associated microprocessor which is employedfor creating this table. Use of the table then merely impliesincorporating circuitry and is therefore very quick and simply limitedby the technology governing the circuit used. The software represents analgorithm established once and for all. Depending on a code word or keyC which is received at the computer input 150, the algorithm makes itpossible to compute P(n) words which are transmitted along an output bus151 of the computer and which are respectively written into the cells ofmemory 12 which are addressed beforehand by the computer 15 in the formof A(a) words, through an output bus 152 connected to the memoryaddressing input 120. In addition, as soon as the computer 15 receives akey C at its input 150, it emits an order signal over an output wire 153to addressing circuit 13, to register 131 in particular, and to memory12. The addressing circuit 13 is then disconnected from the memory 12,i.e. offers a high resistance in a bus 132, and the programmable memory12 assumes a writing or writing-reading phase when the computer 15 isdesigned for checking whether or not a P(n) word has been properlywritten in the cell corresponding to the provided address. Once thecomputer 15 has completed the computation and memorization step of the2^(a) P(n) words, the circuit 12, 11 and 13, loop is re-closed and theenciphering unit processes the incoming N(n), respectively M(m), digitalsignal.

As a complement to this, the selection circuit 135 selecting the routputs from the register 131 may be envisioned as being programmable.For this embodiment, for a given key C, the computer 15 addresses aaddress words selecting a outputs amongst r, via a bus 154 during theinitial computation and memorization step.

Transmission of the key C to the computer input 150 is governed by keyreading equipment 16, the operation of which depends upon the keyrecording medium. In general, for the enciphering unit 1 incorporated inthe means for broadcasting the signal to be enciphered which is to betransmitted to various users, the reading equipment 16 comprises akey-board or coding wheels with which an alphanumeric wordrepresentative of the suitable coded key, in binary coded decimal codefor instance, is assigned to each digital message which must beenciphered to make its detection selective at the user's facilities. Inaddition, two light-emitted diodes can be provided so as to warn theprogrammer that the computer 15 is in the P(n) word table computationstep or has completed it, in which case the programmer will start themessage transmission.

FIG. 2 schematically depicts the block diagram of deciphering unit 2which is associated with that of the enciphering unit 1 in FIG. 1. Thedeciphering unit 2 is located in each of the receiving facilities.

Unit 2 comprises, as in the case of the enciphering unit 1 and identicalwith the latter as regards its structure from the circuit 10, 12, 13, 14and 15 standpoint, a parallel-to-parallel converter 20, a programmablememory 22, an addressing circuit 23, an output circuit 24 and a computer25, respectively. The differing embodiments determined by the relationsbetween the numbers n, r and a respectively correspond to structure ofcircuits 20, 22, 23, 24 and 25 that are identical to those describedabove for the circuits 10, 12, 13, 14 and 15 of the enciphering unit 1.It can be seen that the analogous circuits and connecting bus in theenciphering and deciphering units 1 and 2 respectively carry the sametwo-figure number preceded by a 1 for the enciphering unit and a 2 forthe deciphering unit. We will consider hereinafter the general casewhere the integers n, r and a are different.

The input E₂ of the deciphering unit 2 receives a digital message to bedeciphered, which message is composed of m-parallel bit R(m) words, suchas those transmitted by the output S₁ of the enciphering unit 1. Theparallel-to-parallel converter 20 converts the R(m) words into R(n)words of n parallel bits which are transmitted from its output bus 200to the input buses 210, 230 of a logic circuit 21 and the addressingcircuit 23. As in the enciphering unit 1, the deciphering unitaddressing circuit 23 transmits an address word A(a) over its output bus232 to addressing input 220 of memory 22, each time it receives a R(n)word. The register 231 in the addressing circuit 23 also comprises rstages. When selection circuits 135 and 235 are not controlled bycomputers, they always select outputs of predetermined like rank of theregister 131 and 231, respectively. If the addressing circuits 135 and235 can be programmed by the respective computers 15 and 25 through thebuses 154 and 254, they select outputs of the registers 131 and 231whose ranks are programmed in terms of one and the same key C receivedat the inputs 150, 250 of the computers 15, 25. For the same key C, thecomputer 25 is subject to software identical to that of the computer 15and supplies Q(n) words to the memory 22, via the bus 251; the Q(n)words are respectively identical to the P(n) words and correspond toA(a) addresses transmitted through the bus 252 to the addressing input220 of the memory 22. Consequently, the computation step of the computer25 is identical to that of the computer 15 and, after this step, thetable stored in the memory 22 is identical to that stored in the memory12, for one and the same key, i.e. each pair (A, Q) is identical to apair (A, P).

The key reading equipment 26 of the deciphering unit 2 transmits the keyC to the input 250 of the computer 25 and may be different from theequipment 16 of the enciphering unit 1. In particular, the equipment 26can be made up of a magnetic-head type deck which reads the key Crecorded on a card enabling the programme or message broadcastingorganization transmitting in the enciphered digital signal R(m) mode tocheck on the tele-diffusion to the users.

The logic circuit 21 receives two words R(n) and Q(n) of n-bits each atits inputs 210 and 211 in synchronism. It performs an h logic functionreferred to as "contrary"--thus termed since it cannot be defined as areciprocal or inverse function in the true mathematical meaning of theword--such that the resulting n-bit R' word transmitted at the output212 of the circuit 21 is given by the following relationship:

    R'.sub.i =N.sub.i =h(R.sub.i, Q.sub.i-1)

when

R_(i) =g(N_(i), P_(i-1))

with

    Q.sub.i-1 =P.sub.i-1

These relationships are verified when synchronization has beenestablished between the enciphering unit 1 and the deciphering unit 2,i.e. when the content of the register 231 becomes identical to that ofthe register 131. When the register 231 has recorded all (r>n) or part(r<n) of a R_(i) (n) word of rank i in its first stages, the addressingcircuit 23 selects the address A_(i) (a) in such a way that the wordQ_(i) (n), such that Q_(i) (n)=P_(i) (n), is read in the memory 22. Thelogic circuit 21 then simultaneously receives the R_(i+1) (n) and Q_(i)(n) words over its inputs 210 and 211 and produces the word R'_(i+1)=h(R_(i+1), Q_(i))=h(R_(i+1), P_(i)) at its output. Now, according tothe previously stated property of the h function, contrary to g, and therelationship R_(i+1) =g(N_(i+1), P_(i)), we obtain:

    R'.sub.i+1 (n)=N.sub.i+1 (n)

It remains, however, to be shown that the synchronization is affectedand to calculate the necessary lag, i.e. the required number of wordsthat must be received by the deciphering unit 2 to achievesynchronization. Hence, in this respect, this property may be qualifiedas self-synchronization and no additional signal is required before themessage to be enciphered upon transmission in the enciphering unit 1 andwhich must be deciphered upon reception in the deciphering unit 2.

At the outset, i.e. at the time of the computation and memorizing stepcontrolled by the computer 15 of the enciphering unit 1, respectivelythe computer 25 of the deciphering unit 2, the contents of the registers131 and 231 are B_(o) (r) and D_(o) (r), which are "run of the mill" anda priori different.

The first N₁ (n) word is applied to the input 110 of the encipheringlogic circuit 11 which delivers the resulting word:

    R.sub.1 (n)=g(N.sub.1, P[B.sub.o ])

on the bus 112 for storing it in the register 131 and, possibly throughthe circuit 14, the corresponding word R₁ (m). The word P[B_(o) ]corresponds to that read in the memory 12 at the address correspondingto the content B_(o) of the register 131 after selection by the circuit135. After the R₁ (m) word and perhaps part of those following R₂ (m),R₃ (m) . . . , if m≠n, has been conveyed by the suitable transmissionmedium between the enciphering unit 1 and the deciphering unit 2, theinput 210 of the deciphering unit circuit 21 receives the R₁ (n) word.The circuit 21 computes R'_(i) (n)=h(R₁, Q[D_(o) ]), where Q[D_(o) ]corresponds to the word read in the memory 22 at the addresscorresponding to the content D_(o) of the register 231 after selectionby the circuit 235. We have, of course, R'_(i) (n)≠N₁ (n) sincedeciphering was not performed with the content (D_(o) ≠B_(o)) of theaddress register 131. Moreover, R₁ (n) was (fully or partly) memorizedin the registers 131 and 231 whose contents become B₁ (r) and D₁ (r). Inthis case, we note that the contents B₁ and D₁ have n identical bits atthe most belonging to the word R₁ (n). If r≦n, the stream of words N₂(n), N₃ (n) . . . received by the enciphering unit 1 and the stream ofwords R'₂ (n), R'₃ (n) . . . computed in the deciphering unit 2 thenbecome equal. On the other hand, should r>n, then for as long as mostsignificant bits belonging to the words B_(o) (r) and D_(o) (r) remainin the less significant stages of the registers 131 and 231respectively, the contents of the registers 131 and 231 will not beidentical. Correct deciphering comes about once the contents of theseregisters are identical, i.e. once all the B_(o) and D_(o) word bitshave been pushed out and replaced by bits of R(n) words. This calls forthe diffusion of J words along the transmission medium, where theinteger J is defined by:

    J=ENT[r/n]  if r=0 modulo (n)

or

    J=ENT[r/n]+1   if r≠0 modulo (n)

where ENT denotes the whole portion function.

The R_(J+1) (n) word of rank J+1 is then deciphered correctly. J will bereferred to as the self-synchronization lag.

Furthermore, it will be noted that for the same key C and the samemessage M(m), respectively N(n), to be enciphered, two encipheringoperations on this message give a priori two enciphered messages R(m),respectively R(n), that are different, since at two given times, theinitial contents B_(o) (r) of the register 131 are a priori different.This property advantageously enhances the secrecy of the information tobe transmitted.

Self-synchronization has a significant effect on the propagation oferrors due to the transmission medium between the enciphering anddeciphering stations. It is assumed that a R_(i) (n) word enciphered inthe enciphering unit gives, after conveyance through the transmissionmedium, a R_(i) *(n) word along the bus 200 of the deciphering unit.Under these conditions, the N_(i) *(n) word resulting from thedeciphering operation performed on the R_(i) *(n) word is wrong (N_(i)*(n)≠N_(i) (n)). In addition, the deciphering of the following nonerroneous R_(i+1) (n) to R_(i+J) (n) J words will be wrong becauseself-synchronization implies that J words are required for the contentsof the registers 131 and 231 to become identical. If we now extend theabove special case to a more general situation, should errors betransmitted in a group composed of I erroneous R_(i) *_(+I) (n) words,then I+J R_(i) *(n) to R_(i) *_(+I+J) (n) words would have to bedeciphered upon reception in the deciphering unit 2 before regainingcorrect deciphering. The propagation of errors is, in any case,restricted to J words.

Referring now to FIGS. 3A and 3B, the block diagrams of an encipheringunit and a deciphering unit deduced from units 1 and 2 in FIGS. 1 and 2by reiteration have been schematically shown. They respectively compriseK elementary enciphering units 1₁ to 1_(K) as per FIG. 1 and Kelementary deciphering units 2₁ to 2_(K) as per FIG. 2.

In FIG. 3A, we find, in each elementary enciphering unit 1_(k) (1≦k≦K),a loop made up of a logic circuit 11_(k) which performs the g_(k) logicoperation, an addressing circuit 13_(k) which includes an r_(k) -stageregister and delivering address words A(a_(k)) where a_(k) ≦r_(k), and amemory 12_(k) which has 2^(a).sbsp.k cells, each recording an n-bitP_(k) word. The input bus 110₁ of the first elementary enciphering unit1₁ is connected to the input E₁ of the overall enciphering unit, perhapsvia a parallel-to-parallel converter 10 that receives the message M(m)to be enciphered. The last elementary enciphering unit 1_(K) has itsoutput bus 140_(K) which is connected to the output circuit 14 whichtransmits the enciphered message R(m) from the output S₁ to thetransmission medium. The input bus 110₂, . . . 110_(K) of the logiccircuit 11₂, . . . 11_(K) of an elementary enciphering unit 1₂ to 1_(K)is connected to the output bus 140₁, . . . 140_(K-1) of the precedingelementary enciphering unit 1₁, . . . 1_(K-1), respectively.

Each elementary enciphering unit, such as 1₁ or 1_(K), may incorporate acomputer, such as 15₁ to 15_(K), associated with a programmable memory,such as 12₁ or 12_(K). Through its input, such as 150₁ or 150_(K), thecomputer receives a coded word or elementary key, such as C₁ to C_(K),which is peculiar to it for a given message to be enciphered, by meansof a common reading equipment 17 which is analogous to the equipment 16already described. The recording medium of the reading equipment 17(respectively 27 in the deciphering unit) contains a key C composed ofthe elementary keys and the computer addresses of the elementaryenciphering units (respectively deciphering units). However, certainelementary enciphering units such as 1₂, do not include a computer. Thememory, such as 12₂, of these enciphering units is then aread-only-memory containing the corresponding word P_(i),k (n) at eachaddress A_(i) (a_(k)). The corresponding address selection circuit, suchas 135₂, when present, is not programmable.

The elementary deciphering units 2_(K) to 2₁ of the deciphering unit inFIG. 3B each also comprises a closed loop analogous to the loop in FIG.2. For an elementary deciphering unit 2_(K) (1≦k≦K), we find an addresscircuit 23_(k) and a memory 22_(k) which are identical to 13_(k) and12_(k) in the elementary enciphering unit 1_(k). If the memories 12_(k)and 22_(k) are programmable, then the deciphering unit 2_(k) alsoincludes a computer 25_(k) having software and microprocessor identicalto those of the computer 15_(k) and which is controlled by a commonreading equipment 27 analogous to equipment 26 shown in FIG. 2. Asalready stated, a common key is made up of elementary keys C_(k) thatare respectively addressed by the equipment 27 at the input 250_(k) ofthe computers 25_(k) of the corresponding elementary deciphering units2_(k).

To ensure proper deciphering, through paired connections between anelementary enciphering unit 1_(k) and an elementary deciphering unit2_(k), the elementary deciphering units are successively connected, in adecreasing order from index K to 1, starting from the input E₂ of theoverall deciphering unit. The input bus 200_(K) and the deciphering unit2_(K) is connected to the input E₂, perhaps through aparallel-to-parallel converter 20 if the overall enciphering unitperforms a conversion from M(m) to N(n) words. The output bus 212₁ ofthe logic circuit 21₁ of the elementary deciphering unit 2₁ is connectedto the output S₂, via the output circuit 24. The output bus 212_(K), . .. 212₂, of the logic circuit 21_(K), . . . 21₂ of each elementarydeciphering unit 2_(K), . . . 2₂, is connected to the input bus200_(K-1), . . . 200₁ of the following elementary deciphering unit2_(K-1), . . . 2₁, respectively.

Each elementary deciphering circuit 2_(k), by means of its logic circuit21_(k), performs moreover the h_(k) function "contrary" to the g_(k)function performed by the logic circuit 11_(k) of the correspondingenciphering unit 1_(k). The secrecy achieved by an overallenciphering/deciphering unit pairing such as this is considerablyincreased at the price of a far greater circuit complexity.

Moreover, if we call j_(k) the self-synchronization lag of an elementarydeciphering unit 2_(k), then the self-synchronization lag J of theoverall deciphering unit composed of K elementary deciphering units 2₁to 2_(K) is given by the following summation: ##EQU1## where

    j.sub.k =ENT[r.sub.k /n]  if r.sub.k =0 modulo (n)

or

    j.sub.k =ENT[r.sub.k /n]+1   if r.sub.k ≠0 modulo (n)

As a non-limitating example, two applications of the enciphering anddeciphering operations in accordance with the invention are describedhereinafter.

The first application relates to a message transmitted in keeping withthe specifications of the French teletext system referred to as ANTIOPE("Acquisition Numerique et Televisualisation d'Images Organisees enPages d'ecritures"--Digital Acquisition and Televisualization ofWritten-Page Organized Images--). In this system, the message is made upof pages which are to be seen by users' conventional televisionreceivers. Each page is arranged into rows of characters. The content ofone page is thus made up of characters required for setting the page andconstituting the syntax, i.e. the starting point of pages, lines, linenumbers, etc. Each of these alphanumeric characters is transmitted inthe form of a word of 8 bits, N(8), or octets. These characters which,as a whole, constitute the message, are directly transmitted to theinput 110 of the enciphering unit logic circuit 11. All the words N, R,A and P are octets and the enciphering and deciphering units have astructure dependent on the simple embodiment where m=n=r=a=8. Theconverters 10 and 20 are eliminated, each of the addressing circuits 13and 23 includes only one simple 8-stage buffer register, i.e., registers131, 231 respectively. The bus 140 outputting the enciphering unit isthen connected to a video multiplex which will be used to insert theenciphered digital signal R(8) into certain lines associated with theframe synchronizing and blanking signal of a conventional colour videosignal, where this signal retains its own content. In anotherembodiment, the enciphered digital signal R(8) can occupy video channel("full channel" use). The enciphering unit is interconnected between theANTIOPE message source and the multiplexer, wherein theelectrical-matching use precautions are taken.

Upon reception in the user's facilities, one terminal comprises a videodemultiplexer for separating out the conventional video signaltransmitted to the television receiver and the enciphered digital signalR(8). The latter signal is received on input 200 of the deciphering unitwhich delivers the deciphered N(8) signal to an ANTIOPE syntax monitor.The syntactical monitor supplies orders to a visualization device whichcomplies the ANTIOPE message pages presented afterwards on the receivercathode ray tube.

Were the user not to have entered the key corresponding to theenciphering of the transmitted message in the reading equipment 26, i.e.the magazine he wishes to visualize, then the images transmitted afterdeciphering are completely illegible. As regards the complex encipheringintroduced according to the invention, the user, no matter how expert hemay be, is incapable of deciphering the visualized pages. Indeed, hemust know how the table of words P=Q in the memories 12 and 22, and alsothe initial state C_(o) (8) of the register 131 prior to enciphering,which a priori differs for each message transmission. Should the userdetermine the table of memories 12 and 22 for one message, he wouldstill not be able to use it for another message since for each keyidentifying a message there corresponds a table P=Q determined by thealgorithm inherent in the computers 15 and 25.

In a preferred embodiment, the logic operations g and h are theexclusive "OR" in Boolean algebra affecting each of the 8 pairs of likerank bits of the N(8) and P(8) words in the enciphering unit and theR(8) and Q(8) words in the deciphering unit. Each logic circuit 11, 21thus comprises 8 exclusive OR gates, each one having one input connectedto a wire of bus 110, 210 and one input connected to a wire of bus 111,211. It appears that the relationships defining the so-called "contrary"h function of g

    N=h(R, Q=P) when R=g(N, P)

are applicable to the exclusive OR functions g=h, denoted hereinafter bythe sign ⊕:

    N=R⊕P when R=N⊕P.

A second application concerns any encrypted television system based onconverting electric potentials representative of a part of a televisionimage (line, point, etc), controlled by a binary message characteristicof the received message.

A system such as this is represented by the French encrypted televisionsystem referred to as DISCRET ("DISpositif de CRyptage pour Emission deTelevision"--encrypting device for television emission--) which is forthe transmission of programmes directed strictly at a group of specificteleviewers. The method brought into play by this system is based on theinversion and the shifting, by delay circuits, of the video signallines, where these operations are controlled by a conventionalpseudo-random generator with bistable flip-flops and wrap-arounds bylogic gates of the exclusive OR type. Two digital data words arerequired to operate the pseudo-random generator. The first socalledconfiguration word indicates the wrap-around performed and therefore,indentifies the stream generated. The second so-called synchronizationword loaded into the flip-flops at predetermined times and indicates thestart of the stream.

In the DISCRET system, the synchronization word is periodically modifiedby conveying its binary content using a procedure established by theFrench DIDON system (DIffusion de DONnees--data diffusion--) which isidentical to that of the conveyance laid down by the ANTIOPE system. Inaccordance with the invention, the enciphering and decipheringoperations performed by enciphering and deciphering units as shown inFIGS. 1 and 2 are applicable, as regards M(m) or N(n) words, to thesynchronization words of the DISCRET system.

In another application, further to the preceding one, the encipheringunit of FIG. 1 has its input E₁ connected to the output of the DISCRETsystem pseudo-random generator. In the receiver, the deciphering unit ofFIG. 2 is connected upstream of the pseudo-random generator and deliversthe deciphered stream at its output S₂. The configuration word, whichdoes not undergo enciphering and deciphering, can be used as a key Cand, therefore, can be transmitted to the inputs 150, 250 of thecomputers 15, 25.

Generally speaking, it will be noted that a run-of-a-mill digital signalof the pseudo-random type, but also a noise signal, can be retransmittedwithout losing any data at the deciphering unit output, after havingundergone enciphering and deciphering operations in accordance with theinvention.

We claim:
 1. An enciphering and deciphering system for enciphering anddeciphering a digital signal having n-bit words N_(i), wherein theinteger i denotes the rank of said word N_(i) in said signal, into adigital enciphered signal having n-bit words R_(i), said systemcomprising an enciphering unit at the transmitting end and a decipheringunit at the receiving end,said enciphering unit including: logic meansfor combining each word N_(i) and an n-bit predetermined word P_(i-1) inaccordance with a logic function g to produce a corresponding encipheredword R_(i) =g(N_(i), P_(i-1)), and means comprising a register forreceiving the enciphered words R_(i) to produce the words P_(i-1)according to a predetermined algorithm based on the enciphered wordsR_(i) ; said deciphering unit including logic means for combining eachenciphered word R_(i) and said predetermined word P_(i-1) in accordancewith a logic function to produce a deciphered word N_(i) =h(R_(i),P_(i-1)) corresponding to the enciphered data word, the h function beingcontrary to the g function, means analogous to these of said encipheringunit for producing said words P_(i-1) ; each of said P_(i-1)predetermined word producing means having an output connected to thecorresponding logic means of the deciphering means for storing 2^(a)predetermined words P_(i-1) stored at a respective a-bit addressA_(i-1), and means connected to the corresponding register foraddressing said storing means by said A_(i-1) addresses having a-bitsbelonging at least wholly to the word stored in the correspondingregister.
 2. The system of claim 1 wherein each of the enciphering anddeciphering means further includes a parallel to series converterresponsive to the enciphered word R_(i) derived by the respective logicmeans, each register being an r-stage shift register for seriesreceiving said enciphered words R_(i) as derived by the converter. 3.The system of claim 1 wherein each register comprises plural stages, r,less than or equal to n, means for feeding r parallel bits havingpredetermined rank of each of said enciphered words R_(i) to the rstages of each register.
 4. The system of claim 2 or 3, wherein each ofsaid addressing means comprises means for selecting signals from astages out of the r stages of said register to transmit said a-bitaddresses A_(i) to said storing means.
 5. The system of claim 1, 2 or 3,wherein said memorizing means is a read memory containing saidpredetermined words P_(i) at the corresponding addresses A_(i).
 6. Thesystem of claim 1 wherein said enciphering unit is responsive to adigital signal having m-bit words M(m) and comprises: first inputparallel-to-parallel converting means for converting the digital signalhaving m-bit words M(m) into said digital signal having n-bit words andfirst output parallel-to-parallel converting means for converting saidn-bit enciphered digital signal words into an enciphered digital signalhaving m-bit words R(m); and said deciphering unit comprises: secondinput parallel-to-parallel converting means for converting said digitalsignal having m-bit words R(m) into said digital signal having n-bitenciphered words, and a second output parallel-to-parallel convertingmeans for converting said digital signal having n-bit deciphered wordsinto the deciphered digital signal having m-bit words M(m).
 7. Anenciphering and deciphering system for enciphering and deciphering adigital signal having n-bit words N_(i), wherein the integer i denotesthe rank of said word N_(i) in said signal, into a digital encipheredsignal having n-bit words R_(i), said system comprising an encipheringunit at the transmitting end and a deciphering unit at the receivingend,said enciphering unit including first logic means for combining eachword N_(i) and an n-bit predetermined word P_(i-1) in accordance with alogic function g for deriving a corresponding enciphered word R_(i)=g(N_(i), P_(i-1)) and means comprising a first register responsive tothe enciphered word R_(i) for deriving the words P_(i-1) according to apredetermined algorithm that is a function of the enciphered wordsR_(i), said deciphering unit including second logic means for combiningeach enciphered word R_(i) and said predetermined word P_(i-1) inaccordance with a logic function h to produce the correspondingdeciphered word N_(i) =h(R_(i), P_(i-1)), function h being contrary tofunction g, and means comprising a first register responsive to theenciphered word R_(i) for deriving the words P_(i-1) according to apredetermined algorithm that is a function of the enciphered wordsR_(i), each of said P_(i-1) predetermined word producing meanscomprising a programmable memory connected between the respectiveregister and logic means for storing 2^(a) predetermined words P_(i-1)at respective a-bit addresses A_(i-1), the means for storing beingaddressed by said register, and computing means for (a) disconnectingsaid register and said memory before enciphering and deciphering tocompute the words P_(i) per a predetermined algorithm and selectively interms of a predetermined code word and (2) for supplying said computedP_(i) words to said respective addresses A_(i) in said programmablememory.
 8. The system of claim 7 further comprising separate meansconnected between an output of said respective register and the addressinput of said respective memory for selecting a outputs of saidrespective register out of r to supply said a-bit addresses A_(i) tosaid address input of said respective memory.
 9. The system of claim 8wherein said selecting means is controlled by said computing means toselect a outputs of said register out of r-bits of said predeterminedcode word.
 10. The system of claims 1, 2, 3, 6, 7, 8 or 9 wherein:saidenciphering means comprises a plurality, (K) of said enciphering units,the enciphered word output of the logic means of enciphering unit ofrank k (1≦k≦K) being connected to the word-to-be-enciphered input of thelogic means of the enciphering unit of rank k+1, and said decipheringmeans comprises a plurality (K) of said deciphering units in series, thedeciphered word output of the logic means of deciphering unit of rank kbeing connected to the word-to-be-deciphered input of the logic means ofthe deciphering unit of preceding rank.
 11. The system of claim 10further including means for reading said predetermined code word (C),wherein the pair of the enciphering and deciphering units of the samerank k including the computing means is connected to means for readingsaid predetermined code word (C), said code word including elementarycode words respectively assigned to the pair of said enciphering anddeciphering units.
 12. Apparatus for enciphering or deciphering amulti-bit input word having n-bits, the input word being a signal to beenciphered into a coded output when the apparatus performs anenciphering function, the input word being a coded signal to bedeciphered when the apparatus performs a deciphering function,comprising means for deriving a multi-bit enciphering word havingn-bits, a logic circuit responsive to the input and enciphering wordsfor deriving a multi-bit output word having n-bits, each bit of theoutput word being responsive to the combination of a predetermined logicfunction of a bit of the input word and a bit of the enciphering word,each bit of the input word being combined with a different bit of theenciphering word to form one bit of the output word, the encipheringword deriving means including: an addressable memory for deriving theenciphering word having n-bits, and means responsive to the output wordat time t₁ for addressing the memory to read out an enciphering word towhich the logic circuit is responsive at time t₂, where time t₂ issubsequent to time t₁.
 13. The apparatus of claim 12 wherein the memoryis addressed by a word having m-bits, where m is an integer differentfrom n, the addressing means including register means responsive to theoutput word for converting the n-bits of the output word into an m-bitaddress word.
 14. The apparatus of claim 13 further including means forat will varying which of the n-bits of the output word are supplied asthe n-bits of the address word.
 15. The apparatus of claim 12 furtherincluding means for at will varying the contents of the memory wordsaddressed in response to the output word and supplied as the encipheringword to the logic means.
 16. The apparatus of claim 12 wherein the logiccircuit includes n logic elements each having the same input-outputfunctional relation, the n-bits of the input word being simultaneouslyapplied to a first input of the n logic elements, the n-bits of theenciphering word being simultaneously applied to a second input of the nlogic elements, the n-bits of the output word being simultaneouslyderived from an output of the n elements.